Question 1

Which of the following statements best describes operational risk?

Accepted Answer

A)   The risk arising from adverse business decisions
B)   The risk arising from negative public opinion
C)   The risk arising from problems with service or product delivery
D)   The risk of loss resulting from inadequate or failed internal processes, people, or systemsE) B) and C)
F) C) and D)

Question 2

Which key part of the NY DFS Cybersecurity Regulation covers training and monitoring?

Accepted Answer

A)   Section 500.06
B)   Section 500.12
C)   Section 500.14
D)   Section 500.17E) B) and C)
F) B) and D)

Question 3

Which of the following refers to the risk arising from problems with service or product delivery?

Accepted Answer

A)   Operational risk
B)   Transactional risk
C)   Strategic risk
D)   Compliance riskE) A) and B)
F) All of the above

Question 4

The Federal Reserve Board is responsible for regulating which of the following?

Accepted Answer

A)   Bank holding companies and member banks of the Federal Reserve System
B)   National banks, federal saving associations, and federal branches of foreign banks
C)   Federally charted credit unions
D)   State-chartered banksE) A) and B)
F) None of the above

Question 5

Which of the following is an evidence-based examination that compares current practices against internal or external criteria?

Accepted Answer

A)   Appraisal
B)   Audit
C)   Assurance
D)   AssessmentE) A) and B)
F) A) and C) B

Question 6

Which of the following is used by regulatory agencies to uniformly assess financial institutions based on a rating scale of 1 to 5, with 1 representing the best rating and least degree of concern, and 5 representing the worst rating and highest degree of concern?

Accepted Answer

A)   NY DFS
B)   URSIT
C)   BSCA
D)   GLBAE) A) and D)
F) A) and C)

Question 7

Which of the following testing methodologies measures how well controls and safeguards work by subjecting the system to an attack?

Accepted Answer

A)   Assessment
B)   Audit
C)   Assurance
D)   All of the aboveE) B) and C)
F) A) and B)

Question 8

Which of the following agencies regulates financial institutions not covered by other agencies?

Accepted Answer

A)   Federal Trade Commission (FT
C)  
B)   Commodity Futures Trading Commission (CFT
C)  
C)   National Credit Union Administration (NCU
A)  
D)   Federal Deposit Insurance Corporation (FDI
C)  E) All of the above
F) B) and C)

Question 9

What is the FTC implementation of the GBLA?

Accepted Answer

A)   Interagency guidelines
B)   Guidelines for Safeguarding Member Information
C)   Safeguards Act
D)   Banks Holding Company ActE) C) and D)
F) B) and D)

Question 10

Which of the following threats must financial institutions address?

Accepted Answer

A)   Denial of service
B)   Unauthorized access
C)   Malware
D)   All of the aboveE) A) and D)
F) B) and C)

Question 11

Which of the following gives federal financial regulators statutory authority to regulate and examine the services a technology service provider (TSP)  performs for FDIC-insured financial institutions?

Accepted Answer

A)   FDIC
B)   FFIEC
C)   NIST
D)   BSCAE) A) and D)
F) B) and C)

Question 12

Which of the following statements best describes reputational risk?

Accepted Answer

A)   The risk arising from adverse business decisions
B)   The risk arising from negative public opinion
C)   The risk arising from problems with service or product delivery
D)   The risk of loss resulting from inadequate or failed internal processes, people, or systemsE) B) and D)
F) B) and C) B

Question 13

Which of the following is an interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions?

Accepted Answer

A)   NCUA
B)   FRB
C)   FDIC
D)   FFIECE) B) and C)
F) All of the above

Question 14

Which of the following, also known as social engineering, is a methodology by which an individual impersonates someone else to extract sensitive information from them?

Accepted Answer

A)   Pretexting
B)   System infiltration
C)   Corporate identity theft
D)   Denial of serviceE) A) and D)
F) B) and C)

Question 15

Which of the following is not considered NPPI?

Accepted Answer

A)   Social Security number
B)   Customer account number
C)   Credit card account number
D)   Credit historyE) A) and B)
F) All of the above B

Question 16

Which of the following best describes an assessment?

Accepted Answer

A)   Evidenced-based examination that compares current practices against a specific internal or external criteria
B)   A focused privileged inspection to determine condition, locate weakness or vulnerabilities, and identity corrective actions
C)   Testing controls by performing vulnerability assessment tests that simulate real attacks
D)   Configuring the System and Security logs on each system to record and audit activitiesE) A) and C)
F) B) and D)

Question 17

Which of the following statements best describes strategic risk?

Accepted Answer

A)   The risk arising from adverse business decisions
B)   The risk arising from negative public opinion
C)   The risk arising from problems with service or product delivery
D)   The risk of loss resulting from inadequate or failed internal processes, people, or systemsE) A) and B)
F) A) and C)

Question 18

What is the term used to describe names, addresses, and phone numbers when linked to bank and credit card account information?

Accepted Answer

A)   Private information
B)   Nonpublic personal information
C)   Nonpublic private information
D)   Personal informationE) B) and D)
F) A) and B)

Question 19

According to the Interagency Guidelines, who must approve the bank's written information security program?

Accepted Answer

A)   Chief Executive Officer
B)   Chief Security Officer
C)   Board of Directors
D)   Information ownerE) C) and D)
F) None of the above

Question 20

Which of the following agencies regulates state-chartered banks?

Accepted Answer

A)   Federal Trade Commission (FT
C)  
B)   Commodity Futures Trading Commission (CFT
C)  
C)   National Credit Union Administration (NCU
A)  
D)   Federal Deposit Insurance Corporation (FDI
C)  E) A) and B)
F) A) and D)

Exam 13: Regulatory Compliance for Financial Institutions

Which of the following statements best describes operational risk?

Correct AnswerverifiedShow Answer

Which key part of the NY DFS Cybersecurity Regulation covers training and monitoring?

Correct AnswerverifiedShow Answer

Which of the following refers to the risk arising from problems with service or product delivery?

Correct AnswerverifiedShow Answer

The Federal Reserve Board is responsible for regulating which of the following?

Correct AnswerverifiedShow Answer

Which of the following is an evidence-based examination that compares current practices against internal or external criteria?

Correct AnswerverifiedB

Which of the following is used by regulatory agencies to uniformly assess financial institutions based on a rating scale of 1 to 5, with 1 representing the best rating and least degree of concern, and 5 representing the worst rating and highest degree of concern?

Correct AnswerverifiedShow Answer

Which of the following testing methodologies measures how well controls and safeguards work by subjecting the system to an attack?

Correct AnswerverifiedShow Answer

Which of the following agencies regulates financial institutions not covered by other agencies?

Correct AnswerverifiedShow Answer

What is the FTC implementation of the GBLA?

Correct AnswerverifiedShow Answer

Which of the following threats must financial institutions address?

Correct AnswerverifiedShow Answer

Which of the following gives federal financial regulators statutory authority to regulate and examine the services a technology service provider (TSP) performs for FDIC-insured financial institutions?

Correct AnswerverifiedShow Answer

Which of the following statements best describes reputational risk?

Correct AnswerverifiedB

Which of the following is an interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions?

Correct AnswerverifiedShow Answer

Which of the following, also known as social engineering, is a methodology by which an individual impersonates someone else to extract sensitive information from them?

Correct AnswerverifiedShow Answer

Which of the following is not considered NPPI?

Correct AnswerverifiedB

Which of the following best describes an assessment?

Correct AnswerverifiedShow Answer

Which of the following statements best describes strategic risk?

Correct AnswerverifiedShow Answer

What is the term used to describe names, addresses, and phone numbers when linked to bank and credit card account information?

Correct AnswerverifiedShow Answer

According to the Interagency Guidelines, who must approve the bank's written information security program?

Correct AnswerverifiedShow Answer

Which of the following agencies regulates state-chartered banks?

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
B

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
B

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
B

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified